📄️ Binary Protections
Static analysis is the examination of an executable in its non-running state. For iOS devices, most of this can be performed on the device itself, but it may be faster to copy the binary from the device and on to a macOS host to perform the analysis. These examples are from a macOS host analyzing an iOS executable called bufferoverflow1.
📄️ Data Protections / Entitlements
iOS leverage’s an API called "Data Protection" which is used to assign a class to each file the application creates. This assigned class can one of the four listed below. They are used to encrypt and protect each individual file of the app. The encryption keys associated with data protection are stored in the Secure Enclave Processor (SEP) with all other encryption keys.
📄️ Header Files
A header file contains C-language definitions and structures. Centralizing information into a header file facilitates the creation and update of programs. Because #include statements are used to insert header files into a C-language program, header files are often referred to as include files.
📄️ Binary Strings
It may be worthwhile to dump the strings from the binary for review of hard-coded information.
📄️ Property Lists (PLIST)
Apple Property List (PLIST) files are a versatile file format used extensively across macOS, iOS, and other Apple operating systems for storing serialized objects. The format is primarily used for configuration (settings files), but also extensively for internal data storage and inter-process communication.